More bitcoins, more problems: How hackers are targeting bitcoins

Bitcoin has a lot going for it these days. Its price is soaring, mainstream businesses are increasingly adopting it as a form of payment and venture capitalists are pouring money into bitcoin start-ups.

With bitcoin trading for more than $500 on the Mt. Gox exchange, the currency is becoming an attractive target for cybercriminals looking to steal bitcoins. And if your bitcoins are taken, well, you're just plain out of luck.

"If you are a victim of cybercrime or fraud, it would be covered by your bank. But who do you go to if someone steals your bitcoins? Or if an exchange disappears or bank collapses? Who is going to cover you?" said Raj Samani, McAfee's chief technology officer.

Thousands of bitcoin investors found that out the hard way last month when millions of dollars disappeared in one fell swoop after a virtual exchange vanished. The Chinese bitcoin exchange Global Bond Limited (GBL) disappeared on Oct. 26 and with it went as much as $5 million, Samani said.

"The risk can be colossal. But then again, with great risk comes great opportunity. There are people making great sums of money, and there are people with significant losses as well."

The privilege and perils of Bitcoin

Because bitcoins are a cryptographic peer-to-peer digital currency, people are able to send money worldwide almost instantly for very low transaction fees. Such a benefit has attracted consumers, investors and businesses of all sizes to the currency.

But it's also appealing to cybercriminals for many of the same reasons.

"Criminals have been keeping an eye on bitcoin for using and stealing for quite a while, and now that the exchange rate is at roughly $700, the attention of criminals is obviously going to increase," said Roel Schouwenberg, a senior researcher at the security firm Kaspersky Labs.

Criminals are also drawn to the currency because it's almost impossible to trace to an individual, so it's easy to anonymously steal and spend bitcoin, Schouwenberg said.

And unfortunately, because the currency is not regulated by any country or central bank, consumers and businesses stand to lose a lot of money if their bitcoins are hacked.

"Unlike in real life, what is spent is spent," said Bogdan Botezatu, a senior analyst at the security firm Bitdefender. "You aren't getting that bitcoin back."

How hackers are stealing bitcoins

Every bitcoin has an address with a matching encrypted key—a secret number that unlocks the bitcoin so the owner can access it for making payments. The key is designed to determine the bitcoin's address, but the bitcoin address cannot be used to identify the private key. So if someone gets your private key, they can spend your bitcoin.

Currently, there are a few ways to store bitcoins, Botezatu said.

People can store bitcoins on the Internet with an online service, like an online stock exchange or bitcoin wallet. They also can be stored on a computer in an encrypted wallet or an offline wallet, which may consist of copying the wallet to a computer that is not connected to the Internet or to an external storage medium. People can also print out their encryption keys on paper and store them in a safe place.

One way cybercriminals are stealing bitcoins is by using malware to target bitcoin wallets stored on a machine that is connected to the Internet, Schouwenberg said.

They are also hacking into servers of bitcoin exchanges and other third-party platforms, he said. Many of these storage services are run with little funding and bare-bones infrastructure, so they can be easy targets, Schouwenberg said.

And since these online bitcoin wallets and other storage businesses are not regulated, it's not difficult to set up a rogue service claiming to secure bitcoins.

"Anyone can start their own bitcoin service, their own mining tool, their own thing and just walk away," Schouwenberg said. "In recent weeks we have seen a number of cases where we are not entirely sure if the online services are being hacked or the people running the site are just walking away from the services with people's bitcoins."

Preventing bitcoin burglary

The first thing people should remember when storing their bitcoins is not to keep them all in one place.

"Storing all your bitcoins on an online bitcoin bank is like putting all your eggs in the same basket. It's not a good idea," Botezatu said.

Bitcoin owners should keep a small amount of bitcoins in their online wallet for everyday use and larger sums in a safer environment, like in an offline encrypted wallet.

It's also important to use two-factor authentication (password and another verification) for any online services storing your bitcoin wallets.

Schouwenberg said holders also should back up their bitcoin wallet to help protect against computer failures and other human mistakes. If you are going to store a backup online, make sure to encrypt it. And if you plan to use a wallet on your smartphone, then you should encrypt that wallet.

Make sure you never forget your wallet password because there aren't many password recovery options.

While there is an ongoing effort to make the digital currency more secure, it's still in a nascent state, said Alan Silbert, CEO of BitPremier, a luxury e-commerce site that only accepts bitcoin.

"There's a lot of money being invested in security and it will improve as time goes on," he said. "People are scrambling to increase it as fast as they can. But it's ripe for hackers for the time being."